cvelistv5 - cve-2007-1900

CVE-2007-1900 (GCVE-0-2007-1900)

Vulnerability from cvelistv5 – Published: 2007-04-10 18:00 – Updated: 2024-08-07 13:13

Summary

CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address string.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/26231	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/25056	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/27110	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2007/dsa-1283	vendor-advisoryx_refsource_DEBIAN
	http://www.osvdb.org/33962	vdb-entryx_refsource_OSVDB
	http://security.gentoo.org/glsa/glsa-200705-19.xml	vendor-advisoryx_refsource_GENTOO
	http://www.vupen.com/english/advisories/2007/2016	vdb-entryx_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.gentoo.org/security/en/glsa/glsa-20071…	vendor-advisoryx_refsource_GENTOO
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/25062	third-party-advisoryx_refsource_SECUNIA
	http://www.php-security.org/MOPB/PMOPB-45-2007.html	x_refsource_MISC
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/24824	third-party-advisoryx_refsource_SECUNIA
	http://www.trustix.org/errata/2007/0023/	vendor-advisoryx_refsource_TRUSTIX
	http://www.ubuntu.com/usn/usn-455-1	vendor-advisoryx_refsource_UBUNTU
	http://www.vupen.com/english/advisories/2007/3386	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/27037	third-party-advisoryx_refsource_SECUNIA
	http://slackware.com/security/viewer.php?l=slackw…	vendor-advisoryx_refsource_SLACKWARE
	http://www.php.net/releases/5_2_3.php	x_refsource_CONFIRM
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://h20000.www2.hp.com/bizsupport/TechSupport/…	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/25535	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/27102	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/25445	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/23359	vdb-entryx_refsource_BID
	http://secunia.com/advisories/25057	third-party-advisoryx_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:13:41.791Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "26231",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26231"
          },
          {
            "name": "25056",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25056"
          },
          {
            "name": "27110",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27110"
          },
          {
            "name": "DSA-1283",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1283"
          },
          {
            "name": "33962",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/33962"
          },
          {
            "name": "GLSA-200705-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
          },
          {
            "name": "ADV-2007-2016",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2016"
          },
          {
            "name": "php-filtervalidateemail-header-injection(33510)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33510"
          },
          {
            "name": "GLSA-200710-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
          },
          {
            "name": "oval:org.mitre.oval:def:6067",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067"
          },
          {
            "name": "25062",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.php-security.org/MOPB/PMOPB-45-2007.html"
          },
          {
            "name": "FEDORA-2007-2215",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html"
          },
          {
            "name": "24824",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24824"
          },
          {
            "name": "2007-0023",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2007/0023/"
          },
          {
            "name": "USN-455-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-455-1"
          },
          {
            "name": "ADV-2007-3386",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3386"
          },
          {
            "name": "27037",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27037"
          },
          {
            "name": "SSA:2007-152-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.482863"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.php.net/releases/5_2_3.php"
          },
          {
            "name": "SSRT071447",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
          },
          {
            "name": "HPSBUX02262",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
          },
          {
            "name": "25535",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25535"
          },
          {
            "name": "27102",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27102"
          },
          {
            "name": "25445",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25445"
          },
          {
            "name": "23359",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23359"
          },
          {
            "name": "25057",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25057"
          },
          {
            "name": "SUSE-SA:2007:032",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a \u0027\\n\u0027 character, which causes a regular expression to ignore the subsequent part of the address string."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "26231",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26231"
        },
        {
          "name": "25056",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25056"
        },
        {
          "name": "27110",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27110"
        },
        {
          "name": "DSA-1283",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1283"
        },
        {
          "name": "33962",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/33962"
        },
        {
          "name": "GLSA-200705-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
        },
        {
          "name": "ADV-2007-2016",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2016"
        },
        {
          "name": "php-filtervalidateemail-header-injection(33510)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33510"
        },
        {
          "name": "GLSA-200710-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
        },
        {
          "name": "oval:org.mitre.oval:def:6067",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067"
        },
        {
          "name": "25062",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.php-security.org/MOPB/PMOPB-45-2007.html"
        },
        {
          "name": "FEDORA-2007-2215",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html"
        },
        {
          "name": "24824",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24824"
        },
        {
          "name": "2007-0023",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2007/0023/"
        },
        {
          "name": "USN-455-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-455-1"
        },
        {
          "name": "ADV-2007-3386",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3386"
        },
        {
          "name": "27037",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27037"
        },
        {
          "name": "SSA:2007-152-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.482863"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.php.net/releases/5_2_3.php"
        },
        {
          "name": "SSRT071447",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
        },
        {
          "name": "HPSBUX02262",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
        },
        {
          "name": "25535",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25535"
        },
        {
          "name": "27102",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27102"
        },
        {
          "name": "25445",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25445"
        },
        {
          "name": "23359",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23359"
        },
        {
          "name": "25057",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25057"
        },
        {
          "name": "SUSE-SA:2007:032",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1900",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a \u0027\\n\u0027 character, which causes a regular expression to ignore the subsequent part of the address string."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "26231",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/26231"
            },
            {
              "name": "25056",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25056"
            },
            {
              "name": "27110",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27110"
            },
            {
              "name": "DSA-1283",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2007/dsa-1283"
            },
            {
              "name": "33962",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/33962"
            },
            {
              "name": "GLSA-200705-19",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
            },
            {
              "name": "ADV-2007-2016",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2016"
            },
            {
              "name": "php-filtervalidateemail-header-injection(33510)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33510"
            },
            {
              "name": "GLSA-200710-02",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
            },
            {
              "name": "oval:org.mitre.oval:def:6067",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067"
            },
            {
              "name": "25062",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25062"
            },
            {
              "name": "http://www.php-security.org/MOPB/PMOPB-45-2007.html",
              "refsource": "MISC",
              "url": "http://www.php-security.org/MOPB/PMOPB-45-2007.html"
            },
            {
              "name": "FEDORA-2007-2215",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html"
            },
            {
              "name": "24824",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24824"
            },
            {
              "name": "2007-0023",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2007/0023/"
            },
            {
              "name": "USN-455-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-455-1"
            },
            {
              "name": "ADV-2007-3386",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3386"
            },
            {
              "name": "27037",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27037"
            },
            {
              "name": "SSA:2007-152-01",
              "refsource": "SLACKWARE",
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.482863"
            },
            {
              "name": "http://www.php.net/releases/5_2_3.php",
              "refsource": "CONFIRM",
              "url": "http://www.php.net/releases/5_2_3.php"
            },
            {
              "name": "SSRT071447",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
            },
            {
              "name": "HPSBUX02262",
              "refsource": "HP",
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
            },
            {
              "name": "25535",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25535"
            },
            {
              "name": "27102",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27102"
            },
            {
              "name": "25445",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25445"
            },
            {
              "name": "23359",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23359"
            },
            {
              "name": "25057",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25057"
            },
            {
              "name": "SUSE-SA:2007:032",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1900",
    "datePublished": "2007-04-10T18:00:00",
    "dateReserved": "2007-04-10T00:00:00",
    "dateUpdated": "2024-08-07T13:13:41.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CD02D837-FD28-4E0F-93F8-25E8D1C84A99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88358D1E-BE6F-4CE3-A522-83D1FA4739E3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a \u0027\\\\n\u0027 character, which causes a regular expression to ignore the subsequent part of the address string.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de inyecci\\u00f3n CRLF (retorno de carro y nueva l\\u00ednea) en el filtro FILTER_VALIDATE_EMAIL en ext/filter de PHP 5.2.0 y 5.2.1 permite a atacantes locales o remotos dependiendo del contexto inyectar cabeceras de correo electr\\u00f3nico de su elecci\\u00f3n mediante una direcci\\u00f3n de correo con un car\\u00e1cter \u0027\\\\n\u0027, lo cual provoca que una expresi\\u00f3n regular ignore la correspondiente parte de la cadena de direcci\\u00f3n.\"}]",
      "id": "CVE-2007-1900",
      "lastModified": "2024-11-21T00:29:25.277",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-04-10T18:19:00.000",
      "references": "[{\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/24824\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/25056\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/25057\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/25062\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/25445\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/25535\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/26231\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/27037\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/27102\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/27110\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200705-19.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.482863\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2007/dsa-1283\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2007_32_php.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/33962\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.php-security.org/MOPB/PMOPB-45-2007.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.php.net/releases/5_2_3.php\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/23359\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.trustix.org/errata/2007/0023/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-455-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2016\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3386\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33510\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/24824\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/25056\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/25057\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/25062\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/25445\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/25535\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/26231\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/27037\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/27102\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/27110\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200705-19.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.482863\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2007/dsa-1283\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2007_32_php.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/33962\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.php-security.org/MOPB/PMOPB-45-2007.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.php.net/releases/5_2_3.php\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/23359\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.trustix.org/errata/2007/0023/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-455-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/2016\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2007/3386\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/33510\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"Not vulnerable. The filter extension was not shipped in the versions of PHP supplied for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or\\nRed Hat Application Stack 1.\\n\", \"lastModified\": \"2007-04-16T00:00:00\"}]",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-1900\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-04-10T18:19:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a \u0027\\\\n\u0027 character, which causes a regular expression to ignore the subsequent part of the address string.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n CRLF (retorno de carro y nueva l\u00ednea) en el filtro FILTER_VALIDATE_EMAIL en ext/filter de PHP 5.2.0 y 5.2.1 permite a atacantes locales o remotos dependiendo del contexto inyectar cabeceras de correo electr\u00f3nico de su elecci\u00f3n mediante una direcci\u00f3n de correo con un car\u00e1cter \u0027\\\\n\u0027, lo cual provoca que una expresi\u00f3n regular ignore la correspondiente parte de la cadena de direcci\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD02D837-FD28-4E0F-93F8-25E8D1C84A99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88358D1E-BE6F-4CE3-A522-83D1FA4739E3\"}]}]}],\"references\":[{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24824\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25056\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25057\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25062\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25445\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/25535\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/26231\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27037\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27102\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27110\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200705-19.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.482863\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2007/dsa-1283\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_32_php.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/33962\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.php-security.org/MOPB/PMOPB-45-2007.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.php.net/releases/5_2_3.php\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/23359\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.trustix.org/errata/2007/0023/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-455-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2016\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3386\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33510\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24824\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/25056\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25057\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25062\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25445\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/25535\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/26231\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27037\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27102\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27110\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200705-19.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.482863\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2007/dsa-1283\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2007_32_php.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/33962\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.php-security.org/MOPB/PMOPB-45-2007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.php.net/releases/5_2_3.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/23359\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.trustix.org/errata/2007/0023/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-455-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/2016\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3386\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/33510\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable. The filter extension was not shipped in the versions of PHP supplied for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or\\nRed Hat Application Stack 1.\\n\",\"lastModified\":\"2007-04-16T00:00:00\"}]}}"
  }
}

CERTA-2007-AVI-201

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités avaient été identifiées à l'occasion du MoPB (le Month Of PHP Bugs). L'exploitation de ces dernières peut avoir divers impacts sur le serveur vulnérable. Les mises à jour récentes de PHP corrigent la plupart de ces vulnérabilités.

Description

Plusieurs vulnérabilités avaient été identifiées en mars 2007 à l'occasion du MoPB (le Month Of PHP Bugs). A cette occasion, le CERTA a publié dans son bulletin d'actualité CERTA-2007-ACT-012 une revue des plus importantes d'entre elles. Les conséquences de l'exploitation de ces dernières sont diverses, pouvant être un dysfonctionnement du serveur vulnérable ou l'exécution de code arbitraire sur celui-ci.

Solution

Se référer aux bulletins de sécurité des différents éditeurs pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	PHP	PHP	PHP 5, pour les versions antérieures à 5.2.2.
	PHP	PHP	PHP 4, pour les versions antérieures à 4.4.7 ;

References

Title

Publication Time

Tags

Bulletins des mises à jour PHP du 03 mai 2007	None	vendor-advisory
Mise à jour de sécurité Fedora Core 6 du 18 avril 2007 :	-	other
Bulletin de sécurité Ubuntu USN-455-1 du 27 avril 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:090 du 18 avril 2007 :	-	other
Site de téléchargement des dernières versions PHP :	-	other
Note de changement de version pour PHP 4 version 4.4.7 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:087 du 18 avril 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:091 du 18 avril 2007 :	-	other
Bulletin de sécurité Gentoo GLSA-200705-19 du 26 mai 2007 :	-	other
Bulletin d'actualité CERTA-2007-ACT-012 du 23 mars 2007 :	-	other
Bulletin de sécurité SuSE SUSE-SA:2007:032 du 23 mai 2007 :	-	other
Note de changement de version pour PHP 5 version 5.2.2 :	-	other
Bulletin de sécurité Debian DSA 1283-1 du 29 avril 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:089 du 18 avril 2007 :	-	other
Bulletin de sécurité RedHat RHSA-2007:0155 du 16 avril 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:088 du 18 avril 2007 :	-	other
Bulletin de sécurité RedHat RHSA-2007:0153 du 20 avril 2007 :	-	other
Bulletin de sécurité Debian DSA 1282-1 du 26 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PHP 5, pour les versions ant\u00e9rieures \u00e0 5.2.2.",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "PHP 4, pour les versions ant\u00e9rieures \u00e0 4.4.7 ;",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s avaient \u00e9t\u00e9 identifi\u00e9es en mars 2007 \u00e0\nl\u0027occasion du MoPB (le Month Of PHP Bugs). A cette occasion, le CERTA a\npubli\u00e9 dans son bulletin d\u0027actualit\u00e9 CERTA-2007-ACT-012 une revue des\nplus importantes d\u0027entre elles. Les cons\u00e9quences de l\u0027exploitation de\nces derni\u00e8res sont diverses, pouvant \u00eatre un dysfonctionnement du\nserveur vuln\u00e9rable ou l\u0027ex\u00e9cution de code arbitraire sur celui-ci.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 des diff\u00e9rents \u00e9diteurs pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1583"
    },
    {
      "name": "CVE-2007-1889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1889"
    },
    {
      "name": "CVE-2007-1380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1380"
    },
    {
      "name": "CVE-2007-1711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1711"
    },
    {
      "name": "CVE-2007-1900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1900"
    },
    {
      "name": "CVE-2007-1718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1718"
    },
    {
      "name": "CVE-2007-1887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1887"
    },
    {
      "name": "CVE-2007-1376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1376"
    },
    {
      "name": "CVE-2007-1521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1521"
    },
    {
      "name": "CVE-2007-1375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1375"
    },
    {
      "name": "CVE-2007-1001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1001"
    },
    {
      "name": "CVE-2007-0455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0455"
    },
    {
      "name": "CVE-2007-1700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1700"
    },
    {
      "name": "CVE-2007-1453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1453"
    },
    {
      "name": "CVE-2007-1824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1824"
    },
    {
      "name": "CVE-2007-1777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1777"
    },
    {
      "name": "CVE-2007-1454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1454"
    },
    {
      "name": "CVE-2007-1286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1286"
    }
  ],
  "links": [
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Fedora Core 6 du 18 avril 2007 :",
      "url": "http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-455-1 du 27 avril 2007 :",
      "url": "http://www.ubuntu.com/usn/usn-455-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:090 du 18 avril    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:090"
    },
    {
      "title": "Site de t\u00e9l\u00e9chargement des derni\u00e8res versions PHP :",
      "url": "http://fr2.php.net/downloads.php"
    },
    {
      "title": "Note de changement de version pour PHP 4 version 4.4.7 :",
      "url": "http://www.php.net/ChangeLog-4.php"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:087 du 18 avril    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:087"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:091 du 18 avril    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:091"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200705-19 du 26 mai 2007 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-19.xml"
    },
    {
      "title": "Bulletin d\u0027actualit\u00e9 CERTA-2007-ACT-012 du 23 mars 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-ACT-012.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SA:2007:032 du 23 mai 2007 :",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-May/0007.html"
    },
    {
      "title": "Note de changement de version pour PHP 5 version 5.2.2 :",
      "url": "http://www.php.net/ChangeLog-5.php"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1283-1 du 29 avril 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1283-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:089 du 18 avril    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:089"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0155 du 16 avril 2007    :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:088 du 18 avril    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:088"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0153 du 20 avril 2007    :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0153.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1282-1 du 26 avril 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1282-1"
    }
  ],
  "reference": "CERTA-2007-AVI-201",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-05-07T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u0155ences aux bulletins de s\u00e9curit\u00e9 Gentoo, SuSE, Mandriva, Red Hat.",
      "revision_date": "2007-05-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s avaient \u00e9t\u00e9 identifi\u00e9es \u00e0 l\u0027occasion du MoPB\n(le \u003cspan class=\"textit\"\u003eMonth Of PHP Bugs\u003c/span\u003e). L\u0027exploitation de\nces derni\u00e8res peut avoir divers impacts sur le serveur vuln\u00e9rable. Les\nmises \u00e0 jour r\u00e9centes de PHP corrigent la plupart de ces vuln\u00e9rabilit\u00e9s.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins des mises \u00e0 jour PHP du 03 mai 2007",
      "url": null
    }
  ]
}

CERTA-2007-AVI-201

Vulnerability from certfr_avis - Published: - Updated:

Description

Solution

Se référer aux bulletins de sécurité des différents éditeurs pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	PHP	PHP	PHP 5, pour les versions antérieures à 5.2.2.
	PHP	PHP	PHP 4, pour les versions antérieures à 4.4.7 ;

References

Title

Publication Time

Tags

Bulletins des mises à jour PHP du 03 mai 2007	None	vendor-advisory
Mise à jour de sécurité Fedora Core 6 du 18 avril 2007 :	-	other
Bulletin de sécurité Ubuntu USN-455-1 du 27 avril 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:090 du 18 avril 2007 :	-	other
Site de téléchargement des dernières versions PHP :	-	other
Note de changement de version pour PHP 4 version 4.4.7 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:087 du 18 avril 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:091 du 18 avril 2007 :	-	other
Bulletin de sécurité Gentoo GLSA-200705-19 du 26 mai 2007 :	-	other
Bulletin d'actualité CERTA-2007-ACT-012 du 23 mars 2007 :	-	other
Bulletin de sécurité SuSE SUSE-SA:2007:032 du 23 mai 2007 :	-	other
Note de changement de version pour PHP 5 version 5.2.2 :	-	other
Bulletin de sécurité Debian DSA 1283-1 du 29 avril 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:089 du 18 avril 2007 :	-	other
Bulletin de sécurité RedHat RHSA-2007:0155 du 16 avril 2007 :	-	other
Bulletin de sécurité Mandriva MDKSA-2007:088 du 18 avril 2007 :	-	other
Bulletin de sécurité RedHat RHSA-2007:0153 du 20 avril 2007 :	-	other
Bulletin de sécurité Debian DSA 1282-1 du 26 avril 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PHP 5, pour les versions ant\u00e9rieures \u00e0 5.2.2.",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "PHP 4, pour les versions ant\u00e9rieures \u00e0 4.4.7 ;",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s avaient \u00e9t\u00e9 identifi\u00e9es en mars 2007 \u00e0\nl\u0027occasion du MoPB (le Month Of PHP Bugs). A cette occasion, le CERTA a\npubli\u00e9 dans son bulletin d\u0027actualit\u00e9 CERTA-2007-ACT-012 une revue des\nplus importantes d\u0027entre elles. Les cons\u00e9quences de l\u0027exploitation de\nces derni\u00e8res sont diverses, pouvant \u00eatre un dysfonctionnement du\nserveur vuln\u00e9rable ou l\u0027ex\u00e9cution de code arbitraire sur celui-ci.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 des diff\u00e9rents \u00e9diteurs pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-1583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1583"
    },
    {
      "name": "CVE-2007-1889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1889"
    },
    {
      "name": "CVE-2007-1380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1380"
    },
    {
      "name": "CVE-2007-1711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1711"
    },
    {
      "name": "CVE-2007-1900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1900"
    },
    {
      "name": "CVE-2007-1718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1718"
    },
    {
      "name": "CVE-2007-1887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1887"
    },
    {
      "name": "CVE-2007-1376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1376"
    },
    {
      "name": "CVE-2007-1521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1521"
    },
    {
      "name": "CVE-2007-1375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1375"
    },
    {
      "name": "CVE-2007-1001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1001"
    },
    {
      "name": "CVE-2007-0455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0455"
    },
    {
      "name": "CVE-2007-1700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1700"
    },
    {
      "name": "CVE-2007-1453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1453"
    },
    {
      "name": "CVE-2007-1824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1824"
    },
    {
      "name": "CVE-2007-1777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1777"
    },
    {
      "name": "CVE-2007-1454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1454"
    },
    {
      "name": "CVE-2007-1286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1286"
    }
  ],
  "links": [
    {
      "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Fedora Core 6 du 18 avril 2007 :",
      "url": "http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-455-1 du 27 avril 2007 :",
      "url": "http://www.ubuntu.com/usn/usn-455-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:090 du 18 avril    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:090"
    },
    {
      "title": "Site de t\u00e9l\u00e9chargement des derni\u00e8res versions PHP :",
      "url": "http://fr2.php.net/downloads.php"
    },
    {
      "title": "Note de changement de version pour PHP 4 version 4.4.7 :",
      "url": "http://www.php.net/ChangeLog-4.php"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:087 du 18 avril    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:087"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:091 du 18 avril    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:091"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200705-19 du 26 mai 2007 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200705-19.xml"
    },
    {
      "title": "Bulletin d\u0027actualit\u00e9 CERTA-2007-ACT-012 du 23 mars 2007 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2007-ACT-012.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SA:2007:032 du 23 mai 2007 :",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-May/0007.html"
    },
    {
      "title": "Note de changement de version pour PHP 5 version 5.2.2 :",
      "url": "http://www.php.net/ChangeLog-5.php"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1283-1 du 29 avril 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1283-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:089 du 18 avril    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:089"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0155 du 16 avril 2007    :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0155.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2007:088 du 18 avril    2007 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2007:088"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2007:0153 du 20 avril 2007    :",
      "url": "http://rhn.redhat.com/errata/RHSA-2007-0153.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1282-1 du 26 avril 2007 :",
      "url": "http://www.debian.org/security/2007/dsa-1282-1"
    }
  ],
  "reference": "CERTA-2007-AVI-201",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-05-07T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u0155ences aux bulletins de s\u00e9curit\u00e9 Gentoo, SuSE, Mandriva, Red Hat.",
      "revision_date": "2007-05-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s avaient \u00e9t\u00e9 identifi\u00e9es \u00e0 l\u0027occasion du MoPB\n(le \u003cspan class=\"textit\"\u003eMonth Of PHP Bugs\u003c/span\u003e). L\u0027exploitation de\nces derni\u00e8res peut avoir divers impacts sur le serveur vuln\u00e9rable. Les\nmises \u00e0 jour r\u00e9centes de PHP corrigent la plupart de ces vuln\u00e9rabilit\u00e9s.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins des mises \u00e0 jour PHP du 03 mai 2007",
      "url": null
    }
  ]
}

GHSA-FMJW-VR42-9FW5

Vulnerability from github – Published: 2022-05-01 17:58 – Updated: 2025-04-09 03:39

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-1900"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-04-10T18:19:00Z",
    "severity": "MODERATE"
  },
  "details": "CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a \u0027\\n\u0027 character, which causes a regular expression to ignore the subsequent part of the address string.",
  "id": "GHSA-fmjw-vr42-9fw5",
  "modified": "2025-04-09T03:39:52Z",
  "published": "2022-05-01T17:58:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1900"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33510"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html"
    },
    {
      "type": "WEB",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24824"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25056"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25057"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25062"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25445"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/25535"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26231"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27037"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27102"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27110"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
    },
    {
      "type": "WEB",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.482863"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2007/dsa-1283"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/33962"
    },
    {
      "type": "WEB",
      "url": "http://www.php-security.org/MOPB/PMOPB-45-2007.html"
    },
    {
      "type": "WEB",
      "url": "http://www.php.net/releases/5_2_3.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/23359"
    },
    {
      "type": "WEB",
      "url": "http://www.trustix.org/errata/2007/0023"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-455-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/2016"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3386"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2007-1900

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-1900

Aliases

CVE-2007-1900

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-1900",
    "description": "CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a \u0027\\n\u0027 character, which causes a regular expression to ignore the subsequent part of the address string.",
    "id": "GSD-2007-1900",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-1900.html",
      "https://www.debian.org/security/2007/dsa-1283"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-1900"
      ],
      "details": "CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a \u0027\\n\u0027 character, which causes a regular expression to ignore the subsequent part of the address string.",
      "id": "GSD-2007-1900",
      "modified": "2023-12-13T01:21:40.188118Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-1900",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a \u0027\\n\u0027 character, which causes a regular expression to ignore the subsequent part of the address string."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "26231",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26231"
          },
          {
            "name": "25056",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25056"
          },
          {
            "name": "27110",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27110"
          },
          {
            "name": "DSA-1283",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2007/dsa-1283"
          },
          {
            "name": "33962",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/33962"
          },
          {
            "name": "GLSA-200705-19",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
          },
          {
            "name": "ADV-2007-2016",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/2016"
          },
          {
            "name": "php-filtervalidateemail-header-injection(33510)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33510"
          },
          {
            "name": "GLSA-200710-02",
            "refsource": "GENTOO",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
          },
          {
            "name": "oval:org.mitre.oval:def:6067",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067"
          },
          {
            "name": "25062",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25062"
          },
          {
            "name": "http://www.php-security.org/MOPB/PMOPB-45-2007.html",
            "refsource": "MISC",
            "url": "http://www.php-security.org/MOPB/PMOPB-45-2007.html"
          },
          {
            "name": "FEDORA-2007-2215",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html"
          },
          {
            "name": "24824",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24824"
          },
          {
            "name": "2007-0023",
            "refsource": "TRUSTIX",
            "url": "http://www.trustix.org/errata/2007/0023/"
          },
          {
            "name": "USN-455-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/usn-455-1"
          },
          {
            "name": "ADV-2007-3386",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3386"
          },
          {
            "name": "27037",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27037"
          },
          {
            "name": "SSA:2007-152-01",
            "refsource": "SLACKWARE",
            "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.482863"
          },
          {
            "name": "http://www.php.net/releases/5_2_3.php",
            "refsource": "CONFIRM",
            "url": "http://www.php.net/releases/5_2_3.php"
          },
          {
            "name": "SSRT071447",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
          },
          {
            "name": "HPSBUX02262",
            "refsource": "HP",
            "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
          },
          {
            "name": "25535",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25535"
          },
          {
            "name": "27102",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27102"
          },
          {
            "name": "25445",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25445"
          },
          {
            "name": "23359",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/23359"
          },
          {
            "name": "25057",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/25057"
          },
          {
            "name": "SUSE-SA:2007:032",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1900"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a \u0027\\n\u0027 character, which causes a regular expression to ignore the subsequent part of the address string."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.php-security.org/MOPB/PMOPB-45-2007.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.php-security.org/MOPB/PMOPB-45-2007.html"
            },
            {
              "name": "23359",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/23359"
            },
            {
              "name": "24824",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/24824"
            },
            {
              "name": "DSA-1283",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2007/dsa-1283"
            },
            {
              "name": "USN-455-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-455-1"
            },
            {
              "name": "25062",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25062"
            },
            {
              "name": "25057",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25057"
            },
            {
              "name": "33962",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/33962"
            },
            {
              "name": "http://www.php.net/releases/5_2_3.php",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.php.net/releases/5_2_3.php"
            },
            {
              "name": "FEDORA-2007-2215",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html"
            },
            {
              "name": "GLSA-200705-19",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
            },
            {
              "name": "GLSA-200710-02",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
            },
            {
              "name": "SSA:2007-152-01",
              "refsource": "SLACKWARE",
              "tags": [],
              "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.482863"
            },
            {
              "name": "SUSE-SA:2007:032",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"
            },
            {
              "name": "2007-0023",
              "refsource": "TRUSTIX",
              "tags": [],
              "url": "http://www.trustix.org/errata/2007/0023/"
            },
            {
              "name": "25056",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25056"
            },
            {
              "name": "25445",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25445"
            },
            {
              "name": "25535",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/25535"
            },
            {
              "name": "26231",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/26231"
            },
            {
              "name": "27037",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27037"
            },
            {
              "name": "27110",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27110"
            },
            {
              "name": "27102",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27102"
            },
            {
              "name": "SSRT071447",
              "refsource": "HP",
              "tags": [],
              "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
            },
            {
              "name": "ADV-2007-3386",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/3386"
            },
            {
              "name": "ADV-2007-2016",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/2016"
            },
            {
              "name": "php-filtervalidateemail-header-injection(33510)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33510"
            },
            {
              "name": "oval:org.mitre.oval:def:6067",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-10-11T01:32Z",
      "publishedDate": "2007-04-10T18:19Z"
    }
  }
}

FKIE_CVE-2007-1900

Vulnerability from fkie_nvd - Published: 2007-04-10 18:19 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
cve@mitre.org	http://secunia.com/advisories/24824	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/25056
cve@mitre.org	http://secunia.com/advisories/25057
cve@mitre.org	http://secunia.com/advisories/25062
cve@mitre.org	http://secunia.com/advisories/25445
cve@mitre.org	http://secunia.com/advisories/25535
cve@mitre.org	http://secunia.com/advisories/26231
cve@mitre.org	http://secunia.com/advisories/27037
cve@mitre.org	http://secunia.com/advisories/27102
cve@mitre.org	http://secunia.com/advisories/27110
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200705-19.xml
cve@mitre.org	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863
cve@mitre.org	http://www.debian.org/security/2007/dsa-1283
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
cve@mitre.org	http://www.novell.com/linux/security/advisories/2007_32_php.html
cve@mitre.org	http://www.osvdb.org/33962
cve@mitre.org	http://www.php-security.org/MOPB/PMOPB-45-2007.html	Vendor Advisory
cve@mitre.org	http://www.php.net/releases/5_2_3.php
cve@mitre.org	http://www.securityfocus.com/bid/23359
cve@mitre.org	http://www.trustix.org/errata/2007/0023/
cve@mitre.org	http://www.ubuntu.com/usn/usn-455-1
cve@mitre.org	http://www.vupen.com/english/advisories/2007/2016
cve@mitre.org	http://www.vupen.com/english/advisories/2007/3386
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/33510
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html
af854a3a-2127-422b-91ae-364da2661108	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24824	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25056
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25057
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25062
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25445
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25535
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26231
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27037
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27102
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27110
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200705-19.xml
af854a3a-2127-422b-91ae-364da2661108	http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.482863
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2007/dsa-1283
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2007_32_php.html
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/33962
af854a3a-2127-422b-91ae-364da2661108	http://www.php-security.org/MOPB/PMOPB-45-2007.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.php.net/releases/5_2_3.php
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23359
af854a3a-2127-422b-91ae-364da2661108	http://www.trustix.org/errata/2007/0023/
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-455-1
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/2016
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3386
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/33510
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html

Impacted products

	Vendor	Product	Version
	php	php	5.2.0
	php	php	5.2.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a \u0027\\n\u0027 character, which causes a regular expression to ignore the subsequent part of the address string."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n CRLF (retorno de carro y nueva l\u00ednea) en el filtro FILTER_VALIDATE_EMAIL en ext/filter de PHP 5.2.0 y 5.2.1 permite a atacantes locales o remotos dependiendo del contexto inyectar cabeceras de correo electr\u00f3nico de su elecci\u00f3n mediante una direcci\u00f3n de correo con un car\u00e1cter \u0027\\n\u0027, lo cual provoca que una expresi\u00f3n regular ignore la correspondiente parte de la cadena de direcci\u00f3n."
    }
  ],
  "id": "CVE-2007-1900",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-04-10T18:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24824"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25056"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25057"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25062"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25445"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25535"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/26231"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27037"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27102"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/27110"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.482863"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2007/dsa-1283"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/33962"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.php-security.org/MOPB/PMOPB-45-2007.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.php.net/releases/5_2_3.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/23359"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.trustix.org/errata/2007/0023/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-455-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/2016"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3386"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33510"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24824"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25445"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26231"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27110"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200705-19.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2007\u0026m=slackware-security.482863"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1283"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200710-02.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_32_php.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/33962"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.php-security.org/MOPB/PMOPB-45-2007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.php.net/releases/5_2_3.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.trustix.org/errata/2007/0023/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-455-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2016"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33510"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00397.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. The filter extension was not shipped in the versions of PHP supplied for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or\nRed Hat Application Stack 1.\n",
      "lastModified": "2007-04-16T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-1900 (GCVE-0-2007-1900)

CERTA-2007-AVI-201

Description

Solution

CERTA-2007-AVI-201

Description

Solution

GHSA-FMJW-VR42-9FW5

GSD-2007-1900

FKIE_CVE-2007-1900

Tags

Sightings

Nomenclature